#Hacks and malware attacks | Explore Tumblr Posts and Blogs

unichrome · 1 year

Text

Evil Malware

Welcome back to another episode of An Actual Post. As usual, no prior computer science education needed. Today I'm going to talk about the worst of the worst malware. A lot of things has happened since what the general population consider to be viruses; annoying and maybe steals some money or logins. Unfortunately it's nowadays way way way worse than that so prepare for some uncomfortable reading!

Since the dawn of Stuxnet (which I wrote about here), malware has gotten increasingly more real-life, with real-life complications. It could be the Pegasus spyware, that targets political activists in authoritarian regimes, or disruptive infections that put a stop to Copenhagens metro trains for a few hours. But we're merely in the beginning, because in the last few years, some nasty shit has been going down. I'm going to write about two (technically three but I'll group the first two together for obvious reasons) of the worst incidents we've seen today.

BlackEnergy and CrashOverride

This piece of malware has been around since early 2000's, for the intention of creating DDoS attacks (which I wrote about here) from infected computers. It has since then branched out in its usage, particularly into targeting infrastructure environments. Most notable is the 2015 Ukrainian powergrid incident, which occured when the Russian hacking group known as "Sandworm", infected three Ukrainian energy companies, wiping out systems and causing a power outage for over 250 000 households during winter. The attack began with just one infected document being opened in the affected companies. When BlackEnergy infected their systems, it opened up a remote connection to the attackers, making them able to control the entire powergrid opreation from inside Russia, and thereby switching it off.

That was not enough though, as the attackers also implanted another piece of malicious software known as KillDisk, which wiped out many of the ciritical operation systems, as well as cutting off the connection to the UPS units, which are backup generators in case of system outage. To add a cherry on top, BlackEnergy did what it was originally intended to do - DDoS attacks - towards the energy companies call-centers, so that customers were not able to call and ask what was happening.

The Ukrainian powergrid is quite outdated, which made the attack easier, but it was also the saving grace, as they still had manual power-switches (as opposed to purely digital, which were under the attackers control), so power was eventually restored before they had to rebuild all of their digital systems. This is more concerning for countries with modern powergrids, as manual switches have all been replaced by only digital, meaning power restoration could take weeks or months in case of a similar attack.

Besides the energy companies, three other critical Ukrainian infrastructure organisations were hit by BlackEnergy, but did not result in any operational outages.

But it didn't stop there. Just one year later, in December 2016, a similar attack struck Kiev, successfully taking down one-fifth of the countrys electrical power. Like with the BlackEnergy incident, it was quite quickly restored, but there was a far more horrifying infection this time. Named CrashOverride, the malware was much more sophisticated than BlackEnergy, did more things automatically without the need of input from a remote attacker. It was also modular, meaning that functionalities could just be added to it like lego-pieces, adapting it to whatever kind of electrical grid it was entering. This meant that it wouldn't just be able to infect only Ukranian electrical grids, but just about any country's. Furthermore, evidence points to the 2016 CrashOverride infection only being a test-run.

Triton

Last but definitely not least - Triton, the first (known) malware designed to kill.

But before we talk about it, we need to look at what happened in Bhopal, India in 1984 when what has since been considered the worst industrial disaster of all time occured. At the Union Carbide India Limited pesticide plant in December 2nd, one of the gas tanks had a fatal malfunction, creating a massive gas leak of methyl isocyanate, which is extremely toxic. The leak spread to the surrounding city of Bhopal, resulting in almost 600 000 injured people, 40 000 temporary injuries, 4 000 permanent or severe injuries and over 8 000 people died within the first two weeks, with an estimated additional 8 000 deaths following due to injuries in the time after.

This was of course not caused by Triton, but it became the inspiration for the creation of the malware In 2017, a new piece of malware was discovered in Schneider Electrics industrial control system (called Triconex) at a Saudi Arabian petrochemical facility, which unravelled a horrible and complex secret. The infection chain for Triton contains many steps, so let's start with a brief overview of what the Triconex ICS and SIS is. ICS (Industrial Control System) are computers that handles all the industrial processes, computers that are programmed to do one thing and one specific thing only, unlike our regular PCs which you can play games or surf the internet and whatever. ICS will be computers who control valves, releases chemicals into vats, spins stuff around, or whatever automated processes may happen at an industrial facility.

SIS (Safety Instrumented System) are a kind of ICS that are responsible to check that everything is going alright and, if needed, will take over the process in case some ICS is failing and may result in damage, fire, injury or other disasters. So a SIS are monitoring failsafes, meant to prevent what happened in Bhopal.

Unless, of course, you program a malware intended to make the SIS malfunction.

What happened in the Saudi Arabian petrochemical facility started as follows:

The attackers successfully implanted a remote access trojan, which just like in the BlackEnergy case, makes the attackers able to control infected machines remotely. However, you can't infect a ICS or SIS this way, you need to enter a regular computer with internet access first, which is what they did. The initial machine was an engineering station, on which ICS and SIS computers are controlled. From there, the attackers wanted to plant their own software on the ICS and SIS machines, but there was a problem; the software can't be installed without someone turning a physical key on the Triconex devices, as a security measure. A second problem is that every time new software changes are made to a Triconex device, the old software will be deleted and replaced entirely by the new, which meant that the malware was at risk of being deleted if any engineer made any software changes.

So a second piece of Triton malware was made to overcome those hurdles. Instead of being save where the software should be saved in the Triconex devices, it saved itself where the firmware was installed (the piece of software that's made to have the Triconex work as opposed to where the software that tells the Triconex what to do), this not only gave Triton persistence even if new software was loaded, but also overrides the physical key as firmware always has administrator privileges. With all this in place, the attacker could execute any commands at the comfort of their home to both the ICS and SIS systems in the facility.

As luck would have it, before the attackers were able to cause any harm, the facility experienced a safety incident, prompting shutdown of the whole operation, and an investigation later uncovered the malware in the systems. Had Triton not been discovered in time, it would have been able to cause catastrophic failures similar to what happened in Bhopal. But just because it was thwarted this time, doesn't mean it's gone for good. There will always be some actor who is willing to try again.

Thank you for reading and sorry if I scared you, but honestly I think people need to be aware of the situation, as for some bisarre reason, events like these are not reported in the news. If you have any questions, feel free to send an ask!

#datatag #malware #triton #blackenergy #crashoverride #IT security #computer science #hacking

139 notes · View notes

mariacallous · 2 months

Text

Russia's military intelligence unit known as Sandworm has, for the past decade, served as the Kremlin’s most aggressive cyberattack force, triggering blackouts in Ukraine and releasing self-spreading, destructive code in incidents that remain some of the most disruptive hacking events in history. In recent months, however, one group of hackers linked to Sandworm has attempted a kind of digital mayhem that, in some respects, goes beyond even its predecessor: They've claimed responsibility for directly targeting the digital systems of water utilities in the United States and Poland as well as a water mill in France, flipping switches and changing software settings in an apparent effort to sabotage those countries’ critical infrastructure.

Since the beginning of this year, a hacktivist group known as the Cyber Army of Russia, or sometimes Cyber Army of Russia Reborn, has taken credit on at least three occasions for hacking operations that targeted US and European water and hydroelectric utilities. In each case, the hackers have posted videos to the social media platform Telegram that show screen recordings of their chaotic manipulation of so-called human-machine interfaces, software that controls physical equipment inside those target networks. The apparent victims of that hacking include multiple US water utilities in Texas, one Polish wastewater treatment plant, and, reportedly, a French water mill, which the hackers claimed was a French hydroelectric dam. It’s unclear exactly how much disruption or damage the hackers may have managed against any of those facilities.

A new report published today by cybersecurity firm Mandiant draws a link between that hacker group and Sandworm, which has been identified for years as Unit 74455 of Russia’s GRU military intelligence agency. Mandiant found evidence that Sandworm helped create Cyber Army of Russia Reborn and tracked multiple instances when data stolen from networks that Sandworm had attacked was later leaked by the Cyber Army of Russia Reborn group. Mandiant couldn't determine, however, whether Cyber Army of Russia Reborn is merely one of the many cover personas that Sandworm has adopted to disguise its activities over the last decade or instead a distinct group that Sandworm helped to create and collaborated with but which is now operating independently.

Either way, Cyber Army of Russia Reborn’s hacking has now, in some respects, become even more brazen than Sandworm itself, says John Hultquist, who leads Mandiant’s threat-intelligence efforts and has tracked Sandworm’s hackers for nearly a decade. He points out that Sandworm has never directly targeted a US network with a disruptive cyberattack—only planted malware on US networks in preparation for one or, in the case of its 2017 NotPetya ransomware attack, infected US victims indirectly with self-spreading code. Cyber Army of Russia Reborn, by contrast, hasn’t hesitated to cross that line.

“Even though this group is operating under this persona that’s tied to Sandworm, they do seem more reckless than any Russian operator we’ve ever seen targeting the United States,” Hultquist says. “They’re actively manipulating operational technology systems in a way that’s highly aggressive, probably disruptive, and dangerous.”

An Overflowed Tank and a French Rooster

Mandiant didn't have access to the targeted water utility and hydroelectric plant networks, so wasn't able to determine how Cyber Army of Russian Reborn got access to those networks. One of the group’s videos posted in mid-January, however, shows what appears to be a screen recording that captures the hackers’ manipulation of software interfaces for the control systems of water utilities in the Texas towns of Abernathy and Muleshoe. “We are starting our next raid across the USA,” reads a message introducing the video on Telegram. “In this video there are a couple of critical infrastructure objects, namely water supply systems😋”

The video then shows the hackers frenetically clicking around the target interface, changing values and settings for both utilities’ control systems. Though it’s not clear what effects that manipulation may have had, the Texas newspaper The Plainview Herald reported in early February that local officials had acknowledged the cyberattacks and confirmed some level of disruption. The city manager for Muleshoe, Ramon Sanchez, reportedly said in a public meeting that the attack on the town’s utility had resulted in one water tank overflowing. Officials for the nearby towns of Abernathy and Hale Center—a target not mentioned in the hackers’ video—also said they’d been hit. All three towns’ utilities, as well as another, in Lockney, reportedly disabled their software to prevent its exploitation, but officials said that service to the water utilities’ customers was never interrupted. (WIRED reached out to officials from Muleshoe and Abernathy but didn't immediately hear back.)

Another video the Cyber Army of Russia Reborn hackers posted in January shows what appears to be a screen recording of a similar attempted sabotage of a wastewater utility in Wydminy, a village in Poland, a country whose government has been a staunch supporter of Ukraine in the midst of Russia’s invasion. “Hi everybody, today we will play with the Polish wastewater treatment plants. Enjoy watching!” says an automated Russian voice at the beginning of the video. The video then shows the hackers flipping switches and changing values in the software, set to a Super Mario Bros. soundtrack. The Wydminy facility didn't respond to WIRED’s request for comment.

In a third video, published in March, the hackers similarly record themselves tampering with the control system for what they describe as the Courlon Sur Yonne hydroelectric dam in France. In fact, the French newspaper Le Monde revealed Wednesday that they had instead accessed the control system for a small water mill running through a village of 300 people. That video was posted just after French president Emmanuel Macron had made public statements suggesting he would send French military personnel to Ukraine to aid in its war against Russia. The video starts by showing Macron in the form of a rooster holding a French flag. “We recently heard a French rooster crowing,” the video says. “Today we’ll take a look at the Courlon dam and have a little fun. Enjoy watching, friends. Glory to Russia!”

In their Telegram post, the hackers claim to have lowered the French dam’s water level and stopped the flow of electricity it produced, though according to Le Monde, they failed to even affect the small water mill they actually tampered with.

In the videos, the hackers do display some knowledge of how a water utility works, as well as some ignorance and random switch-flipping, says Gus Serino, the founder of cybersecurity firm I&C Secure and a former staffer at a water utility and at the infrastructure cybersecurity firm Dragos. Serino notes that the hackers did, for instance, change the “stop level” for water tanks in the Texas utilities, which could have triggered the overflow that officials mentioned. But he notes that they also made other seemingly arbitrary changes, particularly for the Wydminy wastewater plant, that would have had no effect.

“You can see them flipping through all kinds of stuff just to click the button,” Serino says. “I would say there’s some level of understanding but not a full understanding of how the system works.”

Signs of Sandworm

Mandiant found multiple strong clues that Cyber Army of Russia was, at the very least, created with support from Sandworm if not entirely controlled by that unit of the GRU. YouTube accounts for Cyber Army of Russia were set up from an IP address known to be controlled by Sandworm, Google’s Threat Analysis Group found. (Mandiant, like YouTube, is a Google subsidiary.) On multiple occasions, Sandworm has also carried out what Mandiant’s Hultquist calls “attack-and-leak” operations against Ukrainian targets: Sandworm would penetrate the victim's network and infect it with wiper malware to destroy the contents of machines—but not before stealing the data from the network, which in several cases was later leaked in posts on Cyber Army of Russia Reborn's Telegram account.

Hultquist notes that Cyber Army of Russia Reborn's relatively “haphazard” hacking—and its entirely faulty targeting of what the hackers may have believed was a French dam—doesn't appear to match the style of Sandworm, which has, despite its incredibly callous cyberattacks, shown somewhat more deliberation in its targeting and methods. That may suggest an unusual situation, one in which a state-sponsored group created a more grassroots front that has now gone on to carry out even more reckless operations of its own. The GRU, Hultquist says, has “probably been involved in creating this group and running it. If someone even more aggressive than them comes along and operates in that space, carrying out these attacks, they’re not entirely blameless.”

Even as Sandworm's apparent spinoff carries out its chaotic attacks, Mandiant's report notes that Sandworm itself has shifted somewhat away from the more opportunistic disruptive operations it has carried out in the past. In the first year of Russia's invasion of Ukraine, it launched repeated wiper attacks against Ukrainian targets—many of the relentless, quick-and-dirty data-destroying strikes that Mandiant had previously attributed to the GRU as a whole were specifically the work of Sandworm, it has now concluded. Sandworm also carried out a third blackout attack in 2022, this time in concert with a missile strike on the same area. More recently, however, Sandworm has increasingly taken on an espionage and support role for Russia's physical war effort, the company's report notes.

That more careful coordination with Russia's physical forces has included an operation in which Sandworm used a piece of spyware that US government agencies dubbed Infamous Chisel to infect Android devices used by the Ukrainian military for command-and-control, an apparent effort to gain battlefield intelligence. Mandiant also points to a website set up on a Sandworm-linked server that appears to be a tool for Russian troops to exfiltrate data from captured smartphones, including links for extracting messages from apps like Signal and Telegram.

“As their war aims have evolved, we've seen the group evolve as well,” says Dan Black, a Mandiant analyst and coauthor of its Sandworm report who served as NATO's deputy head of cyber threat intelligence until last year. Black says Sandworm, like much of the Russian military, has had to change its approach, adapting to that espionage and support role as Russia's initial aim of quickly toppling Ukraine's government has shifted into a protracted war of attrition. “What we see is a real pivot away from that wiping activity toward espionage for battlefield enablement,” Black says.

Even as Sandworm shifts into that more traditional military intelligence role, however, the Cyber Army of Russia group that it likely helped to create continues to run wild with disruptive operations, far beyond the front lines of Russia's war in Ukraine. If that spinoff hacker outfit is truly independent of Sandworm, Mandiant's Hultquist notes, that may mean it will continue to demonstrate even less caution or discretion than the GRU's own hackers have.

“Someone under this persona is doing some really aggressive stuff, and they’re doing it globally, and they could ultimately cause a very real incident,” Hultquist says. “If this is just some random group of hacktivists who lack the structure and restraint of a military organization, they may cross lines in ways that no one anticipates.”

11 notes · View notes

alitheakorogane · 2 years

Text

SAGAU?

The SAGAU or Self-Aware Genshin Impact AU, especially Imposter AU, is a very intriguing concept... if we never counted the mischaracterization and irony of some of the characters.

I mean, the Archons are being batshit crazy hunting over you when these little hypocrites are doing the same thing with having similar faces with their statues, and their damn people never connected the dots on how the Archons are just beside them playing 'guess who' (Zhongli and Venti, I'm talking to you)?!

And where is Celestia in all of this shit (in some fics)?

So I have a great idea to explain why the characters are acting like medieval men with pitchforks in my version of the AU.

There are two real-life Genshin events that inspire me to do my twist on the AU:

Hoyoverse's plan is to create a virtual world by 2030, with Genshin Impact as the "prototype". They are also keen on putting an effort into AI-related research.

The recent controversy regarding the famous anti-cheat driver used in Genshin Impact is allegedly used for malicious intent by hackers, where it kills antivirus processes and services for mass-deploying ransomware.

I was also inspired by the Gravity Falls episode "Soos and the Real Girl", where a video game character, "GIFanny", who is from a dating game simulator (inspired by real Japanese dating sims), became sentient and zaps her programmers to oblivion when they try to delete her. Heck, her most prominent ability is the power to override computer functions, transfer herself between electronics, and can download a person's conscious mind into the digital world, thereby uniting that individual with her forever.

In short, she's a Yandere. Perfect.

Because of all of these, this SAGAU idea was born.

What if the rabid attitudes of the characters in SAGAU Imposter AU were caused by a computer virus attack on a certain vulnerable code in the game that was intended to introduce an AI for the developer's incoming virtual reality project?

The AI was designed to create the characters, whether playable or non-playable, very interactive in the digital world. The technology allows for the characters to gain 'sentience', to allow them to talk and interact with the players without any difficulty.

Unfortunately, because it was slightly unfinished, the code was vulnerable to hacks and computer bugs that could possibly attack the code, and eventually, the game installed by the player.

And there was this unlucky player, who unknowingly opened the computer bug this hacker had sent when they wanted to open a private server (the player doesn't know how to obtain them so they stumbled on this website).

Unknown to both of them, the AI had been affected by the virus differently than they expected. The characters, the lore... it all changed and twisted to something different.

The characters were now sentient, but the virus had made their personalities deviate from their actual personalities in the original lore, and the AI added one thing to the now-changed lore: the existence of the "Creator", the Almother of Celestia and Teyvat who made the fantasy world by the flick of their hand.

The virus, now knowing the existence of the Creator, created an imposter based on what it had gotten from your user preferences, and your social media accounts. Just like real-life malware does: stealing your identity online... to rule Teyvat and at the same time, fully infecting the game and the computer, finally sending the infected codes at a fixed time, this time on the surface web (like Google, Instagram, etc.)

Since they are now sentient, the AI can recognize the virus spreading on the game, and release their last resort to combat the imposter and the virus itself: bringing the real Creator to Teyvat by any means. The golden blood rushing in the Creator's veins acts like an antivirus or the cure to the game.

The Creator will also have allies intended to help the real one navigate through Teyvat. The Chosen Vessels, including a certain little Archon (with her being connected to the Irminsul, served as the AI's server), will help the Creator defeat the Imposter and their now corrupted Acolytes.

And the unsuspected player, who just loved playing Genshin Impact as a means of escaping reality, was the victim of all of this.

#sagau #sagau impostor au #genshin impact #genshin #sagau brainrot #self aware genshin #genshin impact sagau #sagau idea #self aware AU #imposter AU #genshin cult AU #sagau cult AU #cult AU

379 notes · View notes

felixstudios · 1 year

Text

Random Corporate Clash Headcanons, Getting a Virus Edition

For clarification, I'm talking about computer viruses! Also I HC that they themselves will get the virus and basically have symptoms ranging from glitching out to "normal" sickness presentations like coughing.

Duck Shuffler

🎰Dude probably gets something every other week and never learns from it

🎰Falls for free Robux, free Minecraft, free Discord Nitro, you name it

🎰Or maybe he knows it's probably a scam and just likes seeing what happens/taking the chance

🎰Literally does not care when he gets a virus

🎰Symptoms would be his slots spinning on their own and the near inability to speak

Prethinker

🧠I mean, this guy probably made an antivirus program for his own body so I'd be surprised if he did get a virus

🧠He will be so embarrassed if he did though

🧠Will absolutely try to hide it because someone as smart as him couldn't possibly get a virus

🧠Personally gets rid of it himself, or at least will attempt to

🧠If he finds out who made the virus he will send one back

🧠Symptoms would be glitching out and brain fog

Derrick Man

🛢️Doesn't often browse the Internet so this wouldn't be likely to happen

🛢️Probably got the virus from an email from a coworker who got infected

🛢️If not, he was trying to download an open source software like OBS and accidentally downloaded a fake virus.exe without noticing until it was too late

🛢️Will be pretty embarrassed but learn from his mistake and it probably won't happen ever again

🛢️Symptoms would probably be coughing and spewing oil out of his mouth

Deep Diver

🤿Had to have gone on a fake website advertising some kind of aquarium that didn't actually exist

🤿Downloaded a fake tour guide "PDF" {actually an .exe file} that had the virus

🤿Will be angry with whoever made the site and do a deep dive research on them to expose the person{s} behind it and take legal action against them

🤿Symptoms would be poor coordination and fever {or just overheating in general}

Rainmaker

⛈️Either got it from a coworker's infected email or a scam website trying to buy toys to appeal to toons

⛈️Regardless of where she got it, she won't pursue any actions against them

⛈️Will stay home until she's better

⛈️Symptoms would be coughing and not being able to control her weather powers {either as well or not at all depending on the severity}

Land Acquisition Architect

🚦Since he only really uses the Internet for work, it was probably an infected email. Maybe something more sophisticated like a COGS, Inc. embedded link in their website being hacked

🚦Will attempt to ask other coworkers for help and be pretty open about what happened

🚦Will also warn his coworkers about it

🚦Symptoms would be his eyes flickering and weakness

Gatekeeper

⚔️She doesn't

Witchhunter

🔱He also doesn't

Public Relations Representative

🧱He ALSO doesn't {because he's isolated even from the Internet}

Bellringer

🔔Someone didn't like him and personally launched a cyber attack against him, probably because he said a bit too much about them that they didn't like

🔔Got quite a few bits of malware from it and had to get repairs

🔔EVERYONE knows he was cyber attacked because he told everyone. They also know he would love to launch one back at them

🔔Symptoms would be paralysis of his bell, blindness, fatigue, and auditory sensitivity

Multislacker

🥪Got it trying to pirate software because he was too lazy to put in his dad's card information/too lazy to ask his dad to put in his card information

🥪Literally wouldn't care

🥪Just keeps watching TV all day waiting for it to go away until his dad finds out and makes him get repairs

🥪Symptoms would be coughing and glitching out

Mouthpiece

☎️Before she learned about Internet safety protocol, she was dealing with a client via email who "accidentally sent too much money" and asked her to click on a link to Venmo/Paypal/ETC to pay the difference back. She clicked on the link and that's how she got infected

☎️Not hard to track down the client because they used their real name, so let's just say that client had a nice welcome home that evening and then had to go to the hospital

☎️She also took legal action against them and the court ruled in her favor

☎️Symptoms would be her mic cutting out/going to static randomly, phantom phone rings, and a cough

Major Player

🎹Dude was on a suspicious website I cannot make too many references to in an attempt to remain mostly family friendly

🎹He clicked on an ad by accident and immediately panicked, but it was too late. His browser automatically downloaded and opened something because of the website's script to auto download and his settings to automatically open downloaded files...

🎹He uninstalled it and closed everything, but it was too late

🎹Refused to tell anyone about it and just kinda went radio silent for a few days

🎹Symptoms would be his piano teeth randomly playing notes, light sensitivity, and dizziness

Firestarter

🔥Knew he was being scammed with a fake link, but he didn't wanna upset the other person

🔥Pretty much just allowed himself to get infected

🔥Apologized profusely to everyone around him while he was sick

🔥Symptoms would be his body heat and fire powers going way out of control and essentially setting basically anyone and anything around him on fire, regardless of what it was made of

Plutocrat

🌑If you try to give this guy a virus you're either incredibly ignorant or incredibly brave

🌑He will find you. And he will kick your behind.

🌑Symptoms would be coughing and temperature sensitivity... and a runny nose

Treekiller

🪵He'd get it from a work email since he doesn't really go online

🪵Would be very obnoxious about it and try to help his coworker{s} find who was responsible so he could 'teach them a lesson'

🪵He's going to cut up all of their wooden furniture and maybe even parts of their house if he's upset enough

🪵Symptoms would be poor coordination, headache, and nausea

Chainsaw Consultant

🪚For everyone's safety, please do not let him get a virus

🪚The company would invest in very strong antivirus programs for his body for safety concerns

🪚If he does manage to get a virus, it was probably someone directly cyber attacking him

🪚What happens if he's sick? His chainsaw doesn't stop operating and he gets very emotional... let's just say there was a workplace incident that luckily only ended in Acorn Acres having a large amount of trees cut down

Featherbedder

💤She wouldn't really get a virus... I don't even know how she'd get one

💤But if he did, he'd just sleep through the whole thing

💤Literally wouldn't care

💤Symptoms would be runny nose, sore throat, and a headache

Pacesetter

👟Once again, I have no clue how this guy would even manage to get a virus

👟Dude would be pretty upset though. How could someone as awesome as him get infected?

👟Would either tell nobody or make a HUGE public scene about it and I can't tell which

👟Symptoms would be extreme weakness {possibly to the point of being incapable of walking} and glitching out

74 notes · View notes

lunarsilkscreen · 6 months

Text

HTML, RichText, and BB_Markup

Back in the day "RichText" or text that can be stylized like you would in Microsoft Word, or an E-Mail, wasn't often available in social media platforms.

And there's still some social media platforms who don't allow it at all.

This has multiple reasons, the processing is done in script at the browser level, and so there used to be performance reasons not to allow it. Or most of your users would experience a slow down just to view the text, why bother with it?

As browsers started getting more comfortable and fast enough to deliver HTML pages, with the markup allowed in HTML, HTML became the default. But as JavaScript grew in popularity, scope and use. HTML itself became a way for people to inject scripts directly into the page.

And instead of just, cleaning script tags and other injection vulnerabilities, websites took HTML away from users all together. This was a problem, in Part, directly influenced by the W3C {World-wide web consortium}, and big-browser (Microsoft, Netscape, and Mozilla, and later Google, Apple, and Opera) who all implemented HTML/CSS/JS differently.

Nobody knows why they did this, they just did. (Actually, there's a bunch of different reasons, but as you look deeper into the rabbit hole, the more absurd it gets.)

After that, forum and social media designers came up with *BB_Markup* I think BB means blackboard, but who knows for sure anymore.

BB was basically a shorthand HTML markup that used square-brackets instead of triangle-brackets, and at a server level, that markup got turned into *safe* HTML markup--to avoid user-level injection attacks.

We also get a bunch of other short hand that may or may not be used in certain platforms (like reddit) to this day. Wrapping text in asterisks to italicize a word, or tildes or the little wavey dash (~) which denote bolding under lining or strike through depending on what you're used to.

All sorts of things that some people who were netizens of the 90s and early-00s might still be in the habit of using.

Today, there's little reason for browsers to even allow <script> or script-referencing mark-up at that particular level anymore. Which would solve A LOT of early security issues. But they don't change it back because a lot of websites still use tricks like that, because that's what developers do.

Even though advertising still allows injection and browser-hijacking at a "user-level" just like in the olden days. Yep, if you host ads, there's a good chance you're allowing those ads to deliver malware to your users.

Looking at you YouTube and websites that say "Please stop using ad-block". They don't use them to prevent you from getting paid, they use them to stop you from injecting their device with malware.

You big dummys.

That's part of the reason why I'm an advocate of "ad-reform". Advertising companies are leveraging their ad-platforms for more than simply delivering ads.

There's a drive to put internet tools only in the hands of companies, taking net freedoms a lot of early-adopters take for granted, not like ad-block, more like not having to worry about malware being delivered to you while you're powerless to stop it.

I'm not even talking about internet surveillance, I'm talking about advertising companies delivering malware to office equipment. You know those hacks that seemingly target large databases everyday?

Paid Advertising.

Since a lot of, too many even, Internet users these days even know the basics of HTML/CSS/JS, they don't even get to see what it feels like to have the inspection tools be taken away from you so you can see how it is these websites are f* you.

I can't even [view source] on my phone anymore. *That's considered* a bigger security risk than ad-delivery hijacking *your* phone.

How much does ad delivery cost these days, and you can see, that's the price of delivering malware to the user. Not just advertising products.

11 notes · View notes

genocidalfetus · 7 months

Text

Meeting The Voodoo Boys, another chunk of Johnny's memory, Alt, and A Promise

Vilem went to the Chapel that Mr. Hands told him to go to in order to meet with an informant of the Voodoo Boys. A funeral is a strange place to meet someone, but Vilem has met with people in stranger places. He was told to go to a butcher shop to meet with someone named Placide.

Placide is not a talkative man.

Vilem is lead into the HQ and told about the gig he's gonna be hired for, but not before being forced to be scanned. He has to infiltrate the GIM and hack a truck. No biggie, only he has to sneak past a bunch of Animals who have taken residence in the place.

Here goes nothin...

Sneaking past those lunkhead Animals was no problem. Hacking the van was cake, until Netwatch decided to interfere. Now Vilem had to hunt down an agent.

The Netwatch Agent, Bryce Mosley, offers Vilem a deal. He doesn't kill him and Bryce not only lets Brigitte and her netrunners go, but also gets rid of the malware Placide put in his system. Johnny didn't like it, but Vilem didn't like being double-crossed more so he took the deal.

Placide was pissed, but didn't interfere with Vilem talking to Brigitte. She told him why she needed the chip, and Vilem told her that it was in his head and had to stay there or he would die. She claimed she could help, but she needed a bit of the chip to talk to Alt.

Vilem agreed to help her so she could help him. Both went into the net, where Brigitte told him they would need to elicit an emotional reaction from Johnny via a memory. Another dive into the Rockerboy's life...

2015. A post-show fight with Kerry, who Vilem noted was damn cute at that age, even if he was pissed at Johnny.

A romp with Alt in the dressing room.

A post-coital fight, followed by an ambush outside that concluded with Johnny's guts being stabbed and Alt being thrown into a van.

Johnny woke up at a ripperdoc with the man who dragged him there, Lyle Thompson, a media. He told Johnny that he and Alt were supposed to have met that night and that Alt had been taken by Arasaka. Johnny was livid, wanting to get her back. So he enlists in the help of Rogue, his ex and her associate Santiago.

Johnny concocts a plan. Samurai incite a riot outside Arasaka Tower, providing enough of a distraction for Johnny, Rogue, Santiago and Thompson to sneak in. They clean house, but the plan fails. Johnny unplugs Alt from the net, killing her by accident.

The memory ends, Vilem calls Johnny out on his lies and then Brigitte reveals the truth. She had no intention of helping Vilem at all, but needed him to go beyond the blackwall to talk to Alt. Vilem reluctantly agrees as Brigitte and her netrunners are all killed by Netwatch. Alt managed to get Vilem and Johnny out of harm's way so they can talk. She agrees to help separate Johnny and Vilem if they can get her into Mikoshi. With a plan in mind, Vilem is shot back into reality, where he fights his way out of the underground, forced to kill Placide and the rest of the VDBs.

Vilem has another relic attack, one so bad it renders him unconscious. He wakes up on the balcony of the Pistis Sofia hotel in Pacifica. Johnny dragged him there.

They go into a room, one where Johnny said he hid out in after he deserted. Vilem finds his dog tags. Then and there Johnny states that he will leave Vilem's head, even if that means dying in the process. The dog tags were his way of making that promise. But first, Vilem had to do something for him. Help him get Smasher once and for all, and enlist the help of Rogue to do it. Vilem, feeling like he can trust Johnny a little bit more than before, agrees to this exchange.

#cyberpunk 2077 #virtual photography #vilem davydkin #kerry eurodyne #johnny silverhand #rogue amendiares #alt cunningham #placide #maman brigitte #narrative photomode #not sure if people care about these things but I do like to show the plot-important bits through my V's eyes so I'll continue to do this

9 notes · View notes

just-another-turkey · 11 months

Text

Ao3 DDoS attack- an explanation

For anyone missing their fanfics (like me), this article gives an general outline what going's on with Ao3.

For anyone hoping that they might be able to get to their fanfics soon, I suggest not getting your hopes up. Ao3 may be up in a couple hours (hopefully) , but there's a possibility that could last for several days depending on how how severe the attack is and how many resources the attackers have, Ao3 is handling this attack, and what response plans they have in place.

Some things to know if you're not familiar with DDoS attacks... it's time to use my education.

Disclaimer: I'm not affiliated with Ao3 other than being a user. I don't know what security measures they have in place, or what their security is. This is my personal- though knowledgeable- thoughts what may be going on behind the scenes.

Also, if the idea of the DDoS attack is scaring you in anyway- take a deep breath. It's going to be OK, even if my post may come across as dark (if so, I am sorry about that). It only meant to inform and educate Tumblr users on what is going on, and what might Ao3 may be doing. Do not panic just because of this post.

So, let's get started.

a. DDoS stands for distributed Denial of Services attacks. So that means the attackers is using multiple third party devices (such as other servers, botnets*) to make so many requests (think millions per minute) to the Ao3 servers that the servers use up all their resources, preventing us legitimate users from using them.

b. A slight side note- I've heard some people say that it's because of one person that Ao3 is down. It may just be one person, but setting up a DDoS attack is easier with a team. It is likely it is a group of attackers behind this- most attacks have multiple people involved in one form or another. This isn't the most relevant point I have, but just something people should know- there may be more than one attack.

c. To stop this attack, Ao3 is going to have to block all malicious traffic from reaching the servers. However, since this is a distributed attack, they are going to have to block multiple IP addresses. This is going to take some time.

d. We also have to consider if Ao3 has a response plan in place. Response plans are, as the name suggests, what the organization does in the case of an event. For ao3, that means who are they going to contact to fix this issue. But if there isn't a response plan in place already, it going to take longer for them to stop the attack because they're fixing this on the go- a difficult thing to do.

e. Once the attack has been stopped, it won't be over for Ao3, there are two more things they need to do- complete forensics to determine any possible damage to their servers and complete an After Action Review.

e1. While it is most likely that everything will be back to normal system wise after the attack has stopped, Ao3 would be smart to conduct forensics on their system to see if there are any anomalies (malware or indications of a breach). Attackers sometimes use DDoS attacks to cover their tracks when they hack into a system. Not likely here, considering the target won't have super sensitive information that an attacker wouldn't bother with trying to get. But the possibility is always there- however small.

e2. if they want to mitigate the risk of such attacks happening again- they need to complete After Action review (AAR). In AAR, Ao3 is going to have to look at what happened, and determine what they can do to ensure this doesn't happen so easily again. Hopefully, this means writing up or editing and improving their response plan, improving their security measures, etc.

f. Most importantly, your information is unlikely to be compromised. The most damage you will receive is not being able to access Ao3's servers. Ao3 has said that you don't need to change your passwords if you have an account. That being said, if you have a weak password, definitely change it anyway. (like I'm talking is you're using weak passwords. See the following link for what weak and strong passwords are: https://security.harvard.edu/use-strong-passwords )

That's what I have to say for now. Again, this post is not associated with the team at Ao3, I am independent and have no insider knowledge, just knowledge from being a security student. Ao3 will likely say more in the future, so keep an eye for it, and hopefully we'll be able to back to our fics.

If you have any questions about this attack or general cybersecurity, my asks are open, there are comments, and I will respond to them as quickly as I can. If you are in security, and I got something here, please tell me because I do not want to spread misinformation or cause panic.

Heard from your mother (she don't recognize you), I'll be waiting for you.

*compromised computers or other devices with internet connection with malware

#ao3 #cybersecurity #cyberattack #sorry this is a long post #there may be some spelling or something is written badly #i wrote this in one sitting and i barely proofread so im sorry #I will clarify if anyone is confused by anything i said #the goal is to educate anyone willing #not alarm anyone #not what i usually post but i got excited when I saw the DDoS banner on Ao3 and wrote this in an dopamine craze

15 notes · View notes

sweepstakedaily · 1 year

Text

Get Free PSN Codes Instantly!

Discover the easiest way to get free PSN codes and start enjoying your favorite games on PlayStation. Get codes Instantly now and start playing!

How to Get Free PSN Codes Instantly

Many websites and apps offer rewards for completing surveys, watching videos, or playing games. These rewards can often be redeemed for free PSN codes. If so, you’re in luck! In this blog post, we’ll discuss how to get free PSN codes and the various methods you can use to get them. We’ll also provide some tips on how to make sure you get the best deals and avoid scams. So, if you’re looking for free PSN codes, read on!

The first way to get free PSN codes is to take advantage of promotional offers. Many companies offer promotional codes that can be used to get free PSN codes. These codes can be found on websites, in magazines, or even in emails. To get the best deals, it’s important to keep an eye out for these offers.

Another way to get free PSN codes is to join online forums and communities. Many of these forums and communities offer free codes as rewards for participating in their activities. It’s important to read the rules and regulations of each forum or community before participating.

PlayStation gift card Code Giveaway

One of the easiest ways to get free PSN codes is by participating in giveaways. Many gaming websites and social media accounts regularly giveaway for free PSN codes. Keep an eye out for these opportunities and enter as many as possible. You never know when you might get lucky and win a free code.

Free PSN Codes Generator

Although using a PSN code generator may seem like a quick and easy way to get free PSN codes, it is not recommended due to its risks and legality. A PSN code generator is a program or website that claims to generate valid PSN codes that you can redeem on your account. However, most of these generators are fake or illegal, as they use algorithms or hacks to generate random codes that may not work or may violate the terms of service of PlayStation.

Using a PSN code generator can also expose you to malware, viruses, or phishing attacks that can harm your device or steal your identity. Moreover, if you are caught using a fake or stolen code on your account, you may face penalties such as account suspension or legal action. Therefore, it is best to PSN code generators methods of obtaining PSN codes.

#psn #playstation #gift card #free #freebies

12 notes · View notes

mariacallous · 9 months

Text

Last week, WIRED published a deep-dive investigation into Trickbot, the prolific Russian ransomware gang. This week, US and UK authorities sanctioned 11 alleged members of Trickbot and its related group, Conti, including Maksim Galochkin, aka Bentley, one of the alleged members whose real-world identity we confirmed through our investigation. Coincidence? Maybe. Either way, it's a big deal.

In addition to the US and UK sanctions, the US Justice Department also unsealed indictments filed in three US federal courts against Galochkin and eight other alleged Trickbot members for ransomware attacks against entities in Ohio, Tennessee, and California. Because everyone charged is a Russian national, however, it is unlikely they will ever be arrested or face trial.

While Russian cybercriminals typically enjoy immunity, the same may not remain true for the country’s military hackers. The lead prosecutor of the International Criminal Court (ICC) says the ICC will begin pursuing charges for cyber war crimes. The prosecutor, Karim Khan, did not name Russia, but the move follows a formal petition from the Human Rights Center at UC Berkeley’s School of Law asking the ICC to prosecute Russia’s Sandworm hackers for war crimes. Part of Russia’s GRU military intelligence agency, Sandworm is responsible for causing blackouts in Ukraine, the only known instances of cyberattacks shutting down an electrical grid. Sandworm also released the NotPetya malware against Ukraine, which ultimately spread globally and caused an unprecedented $10 billion in damages worldwide.

Russia is far from the only country that engages in offensive cyberwar tactics. China-backed hackers have repeatedly targeted the US and other countries, and they may be getting some help finding unpatched vulnerabilities. A Chinese law passed in 2022 demands that any network technology company operating in the country share details about vulnerabilities in its products with the Chinese government within two days of their discovery. Information about these vulnerabilities may then be shared with China’s hackers. It’s unclear how many Western companies comply with the law or provide enough information to allow Chinese hackers to exploit the products’ flaws.

Speaking of Chinese hackers, Microsoft this week finally explained how China’s state-sponsored hackers managed to steal a cryptographic key that allowed the attackers to successfully access the Outlook email accounts of at least 25 organizations, including US government agencies. According to Microsoft, the hackers broke into the account of a company engineer using token-stealing malware. They then used that account to access a cache of crash data that accidentally contained the signing key they then stole and used to go on an Outlook hacking spree. None of this was supposed to be possible, and Microsoft says it has corrected several flaws in its systems that allowed the attack to happen.

Before he died in a mysterious plane crash last month following an attempted coup against Russian president Vladimir Putin, Yevgeny Prigozhin wasn’t just the leader of the Wagner Group mercenaries. He was also the head of the notorious Internet Research Agency (IRA), a Russian outfit responsible for widespread disinformation campaigns. While the IRA was reportedly shut down, new research shows that pro-Prigozhin trolls continue to push his agenda. Many of the accounts spreading disinformation on X (formerly Twitter) have been banned. But since when has that stopped them?

Elsewhere, we explained how prompt injection attacks against generative AI chatbots like ChatGPT take advantage of a flaw that’s difficult to fix. We detailed how hard it is to opt out of allowing Facebook to use your data to train its AI. We have a rundown on Proton Sentinel, a suite of tools that are similar to Google’s offerings but with a strong emphasis on privacy and security. We also co-published a story with The Markup into Axon’s quest to build Taser-armed drones. And we got the inside scoop on a meeting between top US spies and civil liberties groups over Section 702 of the Foreign Surveillance Intelligence Act, which is set to expire at the end of the year.

But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Your New Car Is a Privacy Nightmare

Car companies are collecting and selling extremely detailed personal data from drivers who have no real way to opt out, a new report from the Mozilla Foundation found. Researchers spent hundreds of hours studying 25 privacy policies for major car brands and found that none of them met the foundation’s minimum standards around privacy and security.

According to the report, modern cars, stuffed to the roof with sensors, collect more information about you than just about any other product in your life. They know where you go, what you say, and how you move your body. Nissan’s privacy policy, for example, allows the company to collect and share drivers’ sexual activity, health diagnosis data, and genetic information, according to the report.

Eighty-four percent of the brands that researchers studied share or sell this kind of personal data, and only two of them allow drivers to have their data deleted. While it is unclear exactly who these companies share or sell data to, the report points out that there is a huge market for driver data. An automotive data broker called High Mobility cited in the report has a partnership with nine of the car brands Mozilla studied. On its website, it advertises a wide range of data products—including precise location data.

This isn’t just a privacy nightmare but a security one. Volkswagen, Toyota, and Mercedes-Benz have all recently suffered data leaks or breaches that affected millions of customers. According to Mozilla, cars are the worst category of products for privacy that they have ever reviewed.

Update Your iPhone: Apple Fixes No-Click Zero-Days

Apple has just released a security update to iOS after researchers at Citizen Lab discovered a zero-click vulnerability being used to deliver Pegasus spyware. Citizen Lab, which is part of the University of Toronto, is calling the newly discovered exploit chain Blastpass. Researchers say it is capable of compromising iPhones running the latest version of iOS (16.6) without the target even touching their device. According to researchers, Blastpass is delivered to a victim’s phone through an iMessage with an Apple Wallet attachment containing a malicious image.

The Pegasus spyware, developed by NSO Group, enables an attacker to read a target’s text messages, view their photos, and listen to calls. It has been used to track journalists, political dissidents, and human rights activists around the world.

Apple says customers should update their phones to the newly released iOS 16.6.1. The exploit can also attack certain models of iPads. You can see details of the affected models here. Citizen Lab urges at-risk users to enable Lockdown Mode.

North Korean Hackers Target Security Researchers Again

North Korea-backed hackers are targeting cybersecurity researchers in a new campaign that is exploiting at least one zero-day vulnerability, Google’s Threat Analysis Group (TAG) warned in a report released Thursday. The group did not provide details about the vulnerability since it is currently unpatched. However, the company says it is part of a popular software package used by security researchers.

According to TAG, the current attack mirrors a January 2021 campaign that similarly targeted security researchers working on vulnerability research and development. Like the previous campaign, North Korean threat actors send researchers malicious files after first spending weeks establishing a relationship with their target. According to the report, the malicious file will execute “a series of anti-virtual machine checks” and send collected information—along with a screenshot—back to the attacker.

Georgia DA in Trump RICO Case Gets Doxxed

In order to shield prospective jurors from harassment, District Attorney Fani Willis asked the judge in Donald Trump’s racketeering trial to prevent people from capturing or distributing any sort of image or identifying information about them. The motion, filed in Fulton County Superior Court on Wednesday, revealed that immediately after the indictment was filed, anonymous individuals on “conspiracy theory websites" had shared the full names, ages, and addresses of 23 grand jurors with “the intent to harass and intimidate them.”

Willis also revealed that she had been the victim of doxxing when the personal information of her and her family—including their physical addresses and “GPS coordinates”—was posted on an unnamed website hosted by a Russian company. Willis, who is Black, had previously disclosed that she faced racist and violent threats after the announcement of her investigation into the former president.

18 notes · View notes

alitheakorogane · 2 years

Text

Corrupted Game!SAGAU, but loosely based on Wreck-It Ralph...

Link of my concept of the Corrupted Game!SAGAU (Imposter AU): here.

Never thought that my concept of SAGAU can be similar to Wreck-It Ralph's, especially with the story of Vanellope Von Schweetz, the main female character of the movie...

I forgot that she is also a video game character who had a similar fate to the Reader/Player/Divine Creator in SAGAU fics: an outcast who was hunted by every single character just because they're special and in the playable characters' words, "an anomaly to the game that deserves to be executed/deleted"...but found out that they are actually prominent characters to their respective worlds.

I love the movie, and I will be adding some conceptual SAGAU ideas also inspired by the film.

The concept is still a regular Imposter!AU but with some touches that I have discussed in my last SAGAU posts (link is shown above).

The developers of Genshin Impact intended to introduce AI for the developers' incoming virtual reality project, and the latest updates are more like the beta test for that project. (Based on Hoyoverse's actual plan is to create a virtual world by 2030, with Genshin Impact as the "prototype".)

Unfortunately, because it was slightly unfinished, the code was vulnerable to hacks and computer bugs that could possibly attack the code, and eventually, the game installed by the player.

The hacker, who is also a Genshin player, eventually finds out about it and made a computer bug to try how it will affect the game and warn others about the danger it causes. Then they posted it on some shady website under the guise of a private server or something....and the unlucky player takes the bait (when I thought about the idea, a similar creepypasta had been trending in Tiktok at the same time: a Russian player encountering the Faceless Ayato because they downloaded a questionable copy of the game from a shady website.)

The characters (Vessels), the lore... it all changed and twisted to something different when the AI was attacked by the virus. The characters were now sentient, but the virus had made their personalities deviate from their actual personalities in the original lore, and the AI added one thing to the now-changed lore: the existence of the "Creator", the Almother of Celestia and Teyvat who made the fantasy world by the flick of their hand.

The virus, now knowing the existence of the Creator, created an Imposter who acts, looks, and sounds like the player, taken from the files and sensitive private information saved in their computer. Just like real-life malware does: stealing your identity online... intending to infect the game and the computer, and finally sending the infected codes at a fixed time, this time on World Wide Web.

Since they are now sentient, the AI can recognize the virus now spreading on the game, and release their last resort to combat the imposter and the virus itself: bringing the real Creator to Teyvat by any means. The golden blood now rushing in the player's veins acts like an identity of the real Creator.

The 'Creator' (or the actual Imposter), now sensing the player's presence, had decided to prevent the player from destroying the 'Creator' and the virus itself.

Fortunately for them, they had the ability to access the game codes by accessing a certain backdoor, so they hacked the coding of the game to lock all memories of the player's previous status and eventually replace the player with the Imposter in the Teyvatians' memories, therefore, branding the player as an Imposter instead of the actual one.

They also made nearly all Teyvatians submissive to them by changing and corrupting their codes and game files, overriding their actual in-game personalities with obsessive adoration for the 'Divine Creator', therefore creating a cult. This way, they could leave the 'Divine Creator' Imposter to take full control of the game without anyone standing in their way.

Unfortunately for the 'Almother' Imposter, not everyone was affected by the reformatting of the memories. Some Chosen Vessels, the inhuman Weekly Bosses, gods (like Osial), the Abyss Order, and the Twins (Lumine and Aether) can still recognize the real Creator's aura due to the AI's influence, which now resided as the Irminsul. That means Lesser Lord Kusanali, out of all the Archons, knows who is the real Creator immediately due to her connection to the Tree.

The Abyss Order doesn't like the Divine Creator much because to them, they were MIA when Khaenri'ah was destroyed 500 years ago. But they had thoughts to help the player in their journey, maybe because they may be the key to the re-establishment of Khaenri'ah and the permanent removal of their curse...or they were now hunted by the Archons, the ones they hated the most. Well, the enemy of my enemy is my friend, they say.

Now they are now seen as the Supreme Almother and Creator of Celestia and the Seven Nations. Compared to the records and tombs depicting the Creator, they act in a very cruel manner to their subjects, but the Teyvatians, especially their acolytes, still loved them blindly (mainly due to the reformatted memories).

In order to keep the Imposter/player (actual Divine Creator) from ruining their plans of ruling Teyvat and infecting the game, the now Almother of Teyvat immediately takes action by forcing their Acolytes to get rid of them, dead or alive. They then create a set of harsh rules to which everyone, including the Archons, in the land of Teyvat takes heed.

The Withering appears once again since the parts of the Irminsul were corrupted again, this time by the computer malware. Since the AI now resides within the Irminsul (as a temporary measure) and the malware had slowly attacked the vulnerable part of the codes that make up the AI, corrupted parts in the form of the Withering appear on the Tree once again, possibly forming into Marana if untreated.

The Traveler and their Abyss Twin cross paths with the player every now and then, with different purposes. Since they are technically Outsiders/Descenders, they never really knew who the Almother of Teyvat is (and they are technically the MCs of Genshin Impact which happens to have more codes and files encoded on them because of them resonating with different elements, therefore randomized kits in their builds, which the virus had difficulty to replace).

The Traveler just seeks the player out to seek answers about their sibling and the truth of the world. The Abyss Twin seeks the player out to seek answers about the key to revive Khaenri'ah or to convince the player to join their cause. Because having the Creator on your side increases your chance of a successful plan against every single pathetic creature on Teyvat.

All the player had to do is to seek the Irminsul in Sumeru, as the AI knew about the total antivirus cure and a reset button to all of this. The virus' creation never knew that there is actually a way to combat the oncoming infection of the game.

All the player had to do is to avoid the corrupted Acolytes and the Abyss Order's plans, seek the Irminsul for answers and find the 'reset' mode of the game to reverse every single damage the virus' nefariously did that had made it to the game. And to stay alive and sane in all of this shit.

More to add on later reblogs, whenever another idea pops up for this concept!!

290 notes · View notes